Ketorecipe

5 reasons QA groups need to ramp up application security training

  1. More security tests are shifting left
    As the testing phase of software development increasingly “shifts left”—from a discrete step in the development cycle to part of developers’ daily responsibilities—security tests are quickly being integrated as well. The software QA testers who are working to build the test infrastructure need to have a solid grasp of security, said TestGuild’s Colantonio.

“Developers and software engineers—because you want to push software through development and into production faster, with this whole movement to ‘shift left,’ you want to automate as much as possible. So future tasks may not focus on traditional test automation—it could be anything automation, particularly in the case of a lot of security tools, where they automatically scan for vulnerabilities at a check in, even before the code gets to the security team.”
—Joe Colantonio

  1. Application security: Champions needed
    In addition, software QA testers and engineers are often the bridge between the security team and developers, so they increasingly need to teach about security and privacy requirements. Without knowing the basic security concepts, designing privacy and security into the application will be difficult, said Micro Focus’ Knobloch.

“App sec is always going to be outnumbered, many to one. The security person on the team is only one guy, so he ends up doing all the security projects, which is not what you want. So the role of application security and application testers is to mentor the developers in how to do the security stuff.”
—Martin Knobloch
